From ab007e4ab8852bb11a4f9361a87d5e1b14d5c07c Mon Sep 17 00:00:00 2001
From: Smana
Date: Tue, 9 Feb 2016 17:16:16 +0100
Subject: [PATCH 1/2] weave network plugin
---
roles/download/defaults/main.yml | 9 +++
roles/kubernetes/node/templates/kubelet.j2 | 4 +-
.../node/templates/kubelet.service.j2 | 21 +++---
roles/network_plugin/meta/main.yml | 2 +
roles/network_plugin/weave/defaults/main.yml | 11 ++++
roles/network_plugin/weave/handlers/main.yml | 48 ++++++++++++++
roles/network_plugin/weave/tasks/main.yml | 64 +++++++++++++++++++
roles/network_plugin/weave/templates/docker | 6 ++
.../weave/templates/systemd-docker.service | 28 ++++++++
roles/network_plugin/weave/templates/weave | 4 ++
roles/network_plugin/weave/templates/weave.j2 | 6 ++
.../weave/templates/weave.service.j2 | 16 +++++
.../weave/templates/weaveexpose.service.j2 | 18 ++++++
.../weave/templates/weaveproxy.service.j2 | 16 +++++
14 files changed, 242 insertions(+), 11 deletions(-)
create mode 100644 roles/network_plugin/weave/defaults/main.yml
create mode 100644 roles/network_plugin/weave/handlers/main.yml
create mode 100644 roles/network_plugin/weave/tasks/main.yml
create mode 100644 roles/network_plugin/weave/templates/docker
create mode 100644 roles/network_plugin/weave/templates/systemd-docker.service
create mode 100644 roles/network_plugin/weave/templates/weave
create mode 100644 roles/network_plugin/weave/templates/weave.j2
create mode 100644 roles/network_plugin/weave/templates/weave.service.j2
create mode 100644 roles/network_plugin/weave/templates/weaveexpose.service.j2
create mode 100644 roles/network_plugin/weave/templates/weaveproxy.service.j2
diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml
index d4f5af875..f35c1a2a0 100644
--- a/roles/download/defaults/main.yml
+++ b/roles/download/defaults/main.yml
@@ -13,11 +13,13 @@ etcd_download_url: "https://github.com/coreos/etcd/releases/download/{{ etcd_ver calico_download_url: "https://github.com/Metaswitch/calico-docker/releases/download/{{calico_version}}/calicoctl" calico_cni_download_url: "https://github.com/projectcalico/calico-cni/releases/download/{{calico_cni_version}}/calico" calico_cni_ipam_download_url: "https://github.com/projectcalico/calico-cni/releases/download/{{calico_cni_version}}/calico-ipam" +weave_download_url: "http://git.io/weave" # Checksums calico_checksum: "cfbbcad4b3b7d79be9a25bcdc153ec1d139eecd54840914a363b0710eebc5c51" calico_cni_checksum: "cfbb95d4416cb65845a188f3bd991fff232bd5ce3463b2919d586ab77967aecd" calico_cni_ipam_checksum: "93ebf8756b26314e1e3f612f1e824418cbb0a8df2942664422e697bcb109fbb2" +weave_checksum: "152942c330f87ab475d87d9311b91674b90f25ea685bd4e04e0495d5fe09a957" etcd_checksum: "6c4e5cdeaaac1a70b8f06b5dd6b82c37ff19993c9bca81248975610e555c4b9b" kubectl_checksum: "873ba19926d17a3287dc8639ea1434fe3cd0cb4e61d82101ba754922cfc7a633" kubelet_checksum: "f2d1eae3fa6e304f6cbc9b2621e4b86fc3bcb4e74a15d35f58bf00e45c706e0a" @@ -45,6 +47,13 @@ downloads: owner: "root" mode: "0755" + - name: weave + dest: weave/bin/weave + url: "{{weave_download_url}}" + sha256: "{{ weave_checksum }}" + owner: "root" + mode: "0755" + - name: etcd dest: "etcd/etcd-{{ etcd_version }}-linux-amd64.tar.gz" sha256: "{{ etcd_checksum }}" diff --git a/roles/kubernetes/node/templates/kubelet.j2 b/roles/kubernetes/node/templates/kubelet.j2 index 55842874e..73e7fe604 100644 --- a/roles/kubernetes/node/templates/kubelet.j2 +++ b/roles/kubernetes/node/templates/kubelet.j2 
@@ -25,10 +25,12 @@ KUBELET_ARGS="--kubeconfig={{ kube_config_dir}}/kubelet.kubeconfig --config={{ k {% endif %} {% if kube_network_plugin is defined and kube_network_plugin == "calico" %} KUBELET_NETWORK_PLUGIN="--network_plugin=cni --network-plugin-dir=/etc/cni/net.d" +{% elif kube_network_plugin is defined and kube_network_plugin == "weave" %} +DOCKER_SOCKET="--docker-endpoint=unix:/var/run/weave/weave.sock" {% endif %} # Should this cluster be allowed to run privileged docker containers KUBE_ALLOW_PRIV="--allow_privileged=true" {% if init_system == "sysvinit" %} DAEMON_ARGS="$KUBE_LOGGING $KUBE_LOG_LEVEL $KUBE_ALLOW_PRIV $KUBELET_API_SERVER $KUBELET_ADDRESS \ -$KUBELET_HOSTNAME $KUBELET_REGISTER_NODE $KUBELET_ARGS $KUBELET_ARGS $KUBELET_NETWORK_PLUGIN" +$KUBELET_HOSTNAME $KUBELET_REGISTER_NODE $KUBELET_ARGS $DOCKER_SOCKET $KUBELET_ARGS $KUBELET_NETWORK_PLUGIN" {% endif %} diff --git a/roles/kubernetes/node/templates/kubelet.service.j2 b/roles/kubernetes/node/templates/kubelet.service.j2 index 13e9c6506..6ffa07309 100644 --- a/roles/kubernetes/node/templates/kubelet.service.j2 +++ b/roles/kubernetes/node/templates/kubelet.service.j2 @@ -10,16 +10,17 @@ After=docker.service [Service] EnvironmentFile=/etc/kubernetes/kubelet.env ExecStart={{ bin_dir }}/kubelet \ - $KUBE_LOGTOSTDERR \ - $KUBE_LOG_LEVEL \ - $KUBELET_API_SERVER \ - $KUBELET_ADDRESS \ - $KUBELET_PORT \ - $KUBELET_HOSTNAME \ - $KUBE_ALLOW_PRIV \ - $KUBELET_ARGS \ - $KUBELET_REGISTER_NODE \ - $KUBELET_NETWORK_PLUGIN + $KUBE_LOGTOSTDERR \ + $KUBE_LOG_LEVEL \ + $KUBELET_API_SERVER \ + $KUBELET_ADDRESS \ + $KUBELET_PORT \ + $KUBELET_HOSTNAME \ + $KUBE_ALLOW_PRIV \ + $KUBELET_ARGS \ + $DOCKER_SOCKET \ + $KUBELET_REGISTER_NODE \ + $KUBELET_NETWORK_PLUGIN Restart=on-failure [Install] diff --git a/roles/network_plugin/meta/main.yml b/roles/network_plugin/meta/main.yml index 6d9e8fbd7..736262ab0 100644 --- a/roles/network_plugin/meta/main.yml +++ b/roles/network_plugin/meta/main.yml 
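Review bot: The rewritten sysvinit `DAEMON_ARGS` line in kubelet.j2 still expands `$KUBELET_ARGS` twice, now with `$DOCKER_SOCKET` between the two copies, so every flag in that variable reaches the kubelet twice. Drop the second copy: `$KUBELET_HOSTNAME $KUBELET_REGISTER_NODE $KUBELET_ARGS $DOCKER_SOCKET $KUBELET_NETWORK_PLUGIN"`. `DOCKER_SOCKET` is assigned only in the weave branch, which expands to nothing elsewhere and is fine, but a comment above it such as `# kubelet talks to the weave proxy socket instead of the Docker socket` would make the trust boundary visible, since the proxy forwards to the Docker API. The template starts above the hunk.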
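Review bot: With `$DOCKER_SOCKET` added to `ExecStart` in kubelet.service.j2, the kubelet on weave clusters depends on `/var/run/weave/weave.sock`, yet the only ordering visible for this unit is `After=docker.service` in the hunk header. Unless the `[Unit]` section (outside the hunk) is extended, the kubelet can start before the proxy has created the socket and will only recover through `Restart=on-failure`. I would add, under a `kube_network_plugin == "weave"` condition, `After=docker.service weaveproxy.service` and `Wants=weaveproxy.service`.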
@@ -4,3 +4,5 @@ dependencies: when: kube_network_plugin == 'calico' - role: network_plugin/flannel when: kube_network_plugin == 'flannel' + - role: network_plugin/weave + when: kube_network_plugin == 'weave' diff --git a/roles/network_plugin/weave/defaults/main.yml b/roles/network_plugin/weave/defaults/main.yml new file mode 100644 index 000000000..e648133bc --- /dev/null +++ b/roles/network_plugin/weave/defaults/main.yml @@ -0,0 +1,11 @@ +--- + +# Flannel public IP +# The address that flannel should advertise as how to access the system +flannel_public_ip: "{{ access_ip|default(ip|default(ansible_default_ipv4.address)) }}" + +## interface that should be used for flannel operations +## This is actually an inventory node-level item +# flannel_interface: + +# cloud_provider: no \ No newline at end of file diff --git a/roles/network_plugin/weave/handlers/main.yml b/roles/network_plugin/weave/handlers/main.yml new file mode 100644 index 000000000..959db16c7 --- /dev/null +++ b/roles/network_plugin/weave/handlers/main.yml @@ -0,0 +1,48 @@ +--- +- name: restart docker + command: /bin/true + notify: + - reload systemd + - reload docker + +- name : reload systemd + shell: systemctl daemon-reload + when: init_system == "systemd" + +- name: restart weave + command: /bin/true + notify: + - reload systemd + - reload weave + +- name: restart weaveproxy + command: /bin/true + notify: + - reload systemd + - reload weaveproxy + +- name: restart weaveexpose + command: /bin/true + notify: + - reload systemd + - reload weaveexpose + +- name: reload docker + service: + name: docker + state: restarted + +- name: reload weave + service: + name: weave + state: restarted + +- name: reload weaveproxy + service: + name: weaveproxy + state: restarted + +- name: reload weaveexpose + service: + name: weaveexpose + state: restarted diff --git a/roles/network_plugin/weave/tasks/main.yml b/roles/network_plugin/weave/tasks/main.yml new file mode 100644 index 000000000..0fbbbc35d --- /dev/null 
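Review bot: The handlers added in roles/network_plugin/weave/handlers/main.yml are named `restart weave`, `restart weaveproxy` and `restart weaveexpose`, but tasks/main.yml in the same patch notifies `restart systemd-weave`, `restart systemd-weaveproxy` and `restart systemd-weaveexpose`. Unless another role in the play defines those names, the notifications refer to handlers that do not exist, so a change to `/etc/weave.env` or to a unit file either aborts the play or never restarts the service. Make the two sides agree, for example `notify: restart weave` in the tasks. `- name : reload systemd` also has a stray space before the colon.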
+++ b/roles/network_plugin/weave/tasks/main.yml
@@ -0,0 +1,64 @@
+---
+- name: Set docker daemon options
+ template:
+ src: docker
+ dest: "/etc/default/docker"
+ owner: root
+ group: root
+ mode: 0644
+ notify:
+ - restart docker
+
+- name: Write docker.service systemd file
+ template:
+ src: systemd-docker.service
+ dest: /lib/systemd/system/docker.service
+ notify: restart docker
+ when: init_system == "systemd"
+
+- meta: flush_handlers
+
+- name: Weave | Install weave
+ command: rsync -piu "{{ local_release_dir }}/weave/bin/weave" "{{ bin_dir }}/weave"
+ changed_when: false
+
+- name: Weave | pull weave images
+ shell: "{{ bin_dir }}/weave setup"
+ changed_when: false
+
+- name: Weave | set perms
+ file: path="{{ bin_dir }}/weave" mode=0755 state=file
+
+- name: Weave | Set options
+ template:
+ src: weave.j2
+ dest: "/etc/weave.env"
+ owner: root
+ group: root
+ mode: 0644
+ notify:
+ - restart systemd-weave
+
+- name: Weave | Write weave systemd init file
+ template: src=weave.service.j2 dest=/etc/systemd/system/weave.service
+ when: init_system == "systemd"
+ notify: restart systemd-weave
+
+- name: Weave | Write weaveproxy systemd init file
+ template: src=weaveproxy.service.j2 dest=/etc/systemd/system/weaveproxy.service
+ when: init_system == "systemd"
+ notify: restart systemd-weaveproxy
+
+- name: Weave | Write weaveexpose systemd init file
+ template: src=weaveexpose.service.j2 dest=/etc/systemd/system/weaveexpose.service
+ when: init_system == "systemd"
+ notify: restart systemd-weaveexpose
+
+- name: Weave | Enable weave
+ service: name=weave enabled=yes state=started
+
+- name: Weave | Enable weaveproxy
+ service: name=weaveproxy enabled=yes state=started
+
+- name: Weave | Enable weaveexpose
+ service: name=weaveexpose enabled=yes state=started
diff --git a/roles/network_plugin/weave/templates/docker b/roles/network_plugin/weave/templates/docker
new file mode 100644
index 000000000..eefd150e1
--- /dev/null
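Review bot: The `Weave | Set options` task in tasks/main.yml writes `/etc/weave.env` with `mode: 0644`, and the weave.j2 template it renders puts `WEAVE_PASSWORD` into that file whenever `weave_password` is defined, so the mesh password becomes readable by every local user on each node. The units load the file through `EnvironmentFile=`, so root-only access is enough: use `mode: "0600"` there (quoting the value also keeps YAML from reinterpreting the octal). Separately, `weave setup` pulls container images that the `weave_checksum` in the download role does not cover; a comment on that task saying image integrity rests on the registry would set the right expectation.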
+++ b/roles/network_plugin/weave/templates/docker
@@ -0,0 +1,6 @@
+# Deployed by Ansible
+{% if init_system == "sysvinit" and kube_network_plugin == "flannel" and ansible_os_family == "Debian" %}
+DOCKER_OPTS="--bip={{ flannel_subnet }} --mtu={{ flannel_mtu }}"
+{% elif kube_network_plugin == "flannel" %}
+OPTIONS="--bip={{ flannel_subnet }} --mtu={{ flannel_mtu }}"
+{% endif %}
diff --git a/roles/network_plugin/weave/templates/systemd-docker.service b/roles/network_plugin/weave/templates/systemd-docker.service
new file mode 100644
index 000000000..3275c6e24
--- /dev/null
+++ b/roles/network_plugin/weave/templates/systemd-docker.service
@@ -0,0 +1,28 @@
+[Unit]
+Description=Docker Application Container Engine
+Documentation=http://docs.docker.com
+{% if ansible_os_family == "RedHat" %}
+After=network.target
+Wants=docker-storage-setup.service
+{% elif ansible_os_family == "Debian" %}
+After=network.target docker.socket
+Requires=docker.socket
+{% endif %}
+
+[Service]
+Type=notify
+EnvironmentFile=-/etc/default/docker
+Environment=GOTRACEBACK=crash
+ExecStart=/usr/bin/docker daemon \
+ $OPTIONS \
+ $DOCKER_STORAGE_OPTIONS \
+ $DOCKER_NETWORK_OPTIONS \
+ $INSECURE_REGISTRY
+LimitNOFILE=1048576
+LimitNPROC=1048576
+LimitCORE=infinity
+MountFlags=slave
+TimeoutStartSec=1min
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/network_plugin/weave/templates/weave b/roles/network_plugin/weave/templates/weave
new file mode 100644
index 000000000..2390bc472
--- /dev/null
+++ b/roles/network_plugin/weave/templates/weave
@@ -0,0 +1,4 @@
+PEERS="{% for host in groups['k8s-cluster'] %}{{ hostvars[host]['ip'] | default( hostvars[host]['ansible_default_ipv4']['address']) }}{% if not loop.last %} {% endif %}{% endfor %}"
+{% if weave_password is defined %}
+WEAVE_PASSWORD="{{ weave_password }}"
+{% endif %}
diff --git a/roles/network_plugin/weave/templates/weave.j2 b/roles/network_plugin/weave/templates/weave.j2
new file mode 100644
index 000000000..87c4b91b7
--- /dev/null
+++ b/roles/network_plugin/weave/templates/weave.j2
@@ -0,0 +1,6 @@
+WEAVE_PEERS="{% for host in groups['k8s-cluster'] %}{{ hostvars[host]['ip'] | default( hostvars[host]['ansible_default_ipv4']['address']) }}{% if not loop.last %} {% endif %}{% endfor %}"
+WEAVEPROXY_ARGS="--rewrite-inspect --without-dns"
+WEAVE_SUBNET="--ipalloc-range {{ kube_pods_subnet }}"
+{% if weave_password is defined %}
+WEAVE_PASSWORD="{{ weave_password }}"
+{% endif %}
diff --git a/roles/network_plugin/weave/templates/weave.service.j2 b/roles/network_plugin/weave/templates/weave.service.j2
new file mode 100644
index 000000000..a4e9e8d8e
--- /dev/null
+++ b/roles/network_plugin/weave/templates/weave.service.j2
@@ -0,0 +1,16 @@
+[Unit]
+Description=Weave Network
+Documentation=http://docs.weave.works/weave/latest_release/
+Requires=docker.service
+After=docker.service
+
+[Service]
+EnvironmentFile=-/etc/weave.env
+ExecStartPre={{ bin_dir }}/weave launch-router \
+ $WEAVE_SUBNET \
+ $WEAVE_PEERS
+ExecStart=/usr/bin/docker attach weave
+ExecStop={{ bin_dir }}/weave stop-router
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/network_plugin/weave/templates/weaveexpose.service.j2 b/roles/network_plugin/weave/templates/weaveexpose.service.j2
new file mode 100644
index 000000000..03446ee0f
--- /dev/null
+++ b/roles/network_plugin/weave/templates/weaveexpose.service.j2
@@ -0,0 +1,18 @@
+[Unit]
+Documentation=http://docs.weave.works/
+Requires=docker.service
+Requires=weave.service
+After=weave.service
+After=docker.service
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+TimeoutStartSec=0
+EnvironmentFile=-/etc/weave.%H.env
+EnvironmentFile=-/etc/weave.env
+ExecStart={{ bin_dir }}/weave expose
+ExecStop={{ bin_dir }}/weave hide
+
+[Install]
+WantedBy=weave-network.target
diff --git a/roles/network_plugin/weave/templates/weaveproxy.service.j2 b/roles/network_plugin/weave/templates/weaveproxy.service.j2
new file mode 100644
index 000000000..fe5032893
--- /dev/null
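Review bot: `weave_password` is optional in weave.j2 and nothing in the patch documents it, so a default deployment launches the router with no `WEAVE_PASSWORD` at all. As far as I know Weave only encrypts and authenticates peer connections when a password is supplied, so the default should be stated where operators will see it, for example a template comment `# WEAVE_PASSWORD enables encryption between peers; unset means plaintext` plus a commented `# weave_password:` entry in inventory/group_vars/all.yml. The value is also interpolated between double quotes unescaped, so a password containing `"` would yield a malformed environment file.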
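Review bot: `WantedBy=weave-network.target` in weaveexpose.service.j2 names a target that no file in this patch creates, and weaveproxy.service.j2 uses the same value, while weave.service.j2 installs into `multi-user.target`. Enabling the two units therefore only links them under a target that nothing appears to activate, so after a reboot the proxy socket the kubelet is pointed at may never come up. Use `WantedBy=multi-user.target` in both units, or ship the target and pull it in from `multi-user.target`. The unit also has no `Description=`, and `EnvironmentFile=-/etc/weave.%H.env` refers to a file the role never writes, which deserves a one-line comment.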
+++ b/roles/network_plugin/weave/templates/weaveproxy.service.j2 @@ -0,0 +1,16 @@ +[Unit] +Description=Weave proxy for Docker API +Documentation=http://docs.weave.works/ +Requires=docker.service +After=docker.service + +[Service] +EnvironmentFile=-/etc/weave.%H.env +EnvironmentFile=-/etc/weave.env +ExecStartPre={{ bin_dir }}/weave launch-proxy $WEAVEPROXY_ARGS +ExecStart=/usr/bin/docker attach weaveproxy +Restart=on-failure +ExecStop=/opt/bin/weave stop-proxy + +[Install] +WantedBy=weave-network.target From 793d665db4b03307de90221f3a2fb1f735f13cc2 Mon Sep 17 00:00:00 2001 From: Smana Date: Tue, 9 Feb 2016 19:55:57 +0100 Subject: [PATCH 2/2] specify weave version --- README.md | 7 +++++-- inventory/group_vars/all.yml | 2 +- roles/download/defaults/main.yml | 3 ++- roles/network_plugin/weave/defaults/main.yml | 11 ----------- roles/network_plugin/weave/templates/docker | 6 +----- roles/network_plugin/weave/templates/weave | 4 ---- roles/network_plugin/weave/templates/weave.j2 | 2 +- 7 files changed, 10 insertions(+), 25 deletions(-) delete mode 100644 roles/network_plugin/weave/defaults/main.yml delete mode 100644 roles/network_plugin/weave/templates/weave diff --git a/README.md b/README.md index dc35e7ff6..795ba9a13 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -[![Build Status](https://travis-ci.org/ansibl8s/setup-kubernetes.svg)](https://travis-ci.org/ansibl8s/setup-kubernetes) +[![Build Status](https://travis-ci.org/kubespray/setup-kubernetes.svg)](https://travis-ci.org/kubespray/setup-kubernetes) kubernetes-ansible ======== @@ -27,6 +27,7 @@ in order to avoid any issue during deployment you should disable your firewall * [etcd](https://github.com/coreos/etcd/releases) v2.2.4 * [calicoctl](https://github.com/projectcalico/calico-docker/releases) v0.16.0 * [flanneld](https://github.com/coreos/flannel/releases) v0.5.5 +* [weave](http://weave.works/) v1.4.4 * [docker](https://www.docker.com/) v1.9.1 Quickstart 
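Review bot: `ExecStop=/opt/bin/weave stop-proxy` in weaveproxy.service.j2 hard-codes the binary path, while `ExecStartPre` in the same unit and both other weave units use `{{ bin_dir }}/weave`. On a host where `bin_dir` is not `/opt/bin` the stop command fails and the proxy container is left running when the unit is stopped. Change the line to `ExecStop={{ bin_dir }}/weave stop-proxy`.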
@@ -143,12 +144,14 @@ In order to do so, some variables have to be used '**loadbalancer_apiserver**' a ### Network Plugin -You can choose between 2 network plugins. Only one must be chosen. +You can choose between 3 network plugins. Only one must be chosen. * **flannel**: gre/vxlan (layer 2) networking. ([official docs](https://github.com/coreos/flannel)) * **calico**: bgp (layer 3) networking. ([official docs](http://docs.projectcalico.org/en/0.13/)) +* **weave**: Weave is a lightweight container overlay network that doesn't require an external K/V database cluster. ([official docs](http://weave.works/docs/)) + The choice is defined with the variable **kube_network_plugin** diff --git a/inventory/group_vars/all.yml b/inventory/group_vars/all.yml index 2cc35d707..4c4d4b4fb 100644 --- a/inventory/group_vars/all.yml +++ b/inventory/group_vars/all.yml @@ -46,7 +46,7 @@ cluster_name: cluster.local # but don't know about that address themselves. # access_ip: 1.1.1.1 -# Choose network plugin (calico or flannel) +# Choose network plugin (calico, weave or flannel) kube_network_plugin: calico # Kubernetes internal network for services, unused block of space. diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml index f35c1a2a0..9a5ba380b 100644 --- a/roles/download/defaults/main.yml +++ b/roles/download/defaults/main.yml @@ -6,6 +6,7 @@ kube_version: v1.1.4 etcd_version: v2.2.4 calico_version: v0.16.0 calico_cni_version: v1.0.0 +weave_version: v1.4.4 # Download URL's kube_download_url: "https://storage.googleapis.com/kubernetes-release/release/{{ kube_version }}/bin/linux/amd64" 
@@ -13,7 +14,7 @@ etcd_download_url: "https://github.com/coreos/etcd/releases/download/{{ etcd_ver calico_download_url: "https://github.com/Metaswitch/calico-docker/releases/download/{{calico_version}}/calicoctl" calico_cni_download_url: "https://github.com/projectcalico/calico-cni/releases/download/{{calico_cni_version}}/calico" calico_cni_ipam_download_url: "https://github.com/projectcalico/calico-cni/releases/download/{{calico_cni_version}}/calico-ipam" -weave_download_url: "http://git.io/weave" +weave_download_url: "https://github.com/weaveworks/weave/releases/download/{{weave_version}}/weave" # Checksums calico_checksum: "cfbbcad4b3b7d79be9a25bcdc153ec1d139eecd54840914a363b0710eebc5c51" diff --git a/roles/network_plugin/weave/defaults/main.yml b/roles/network_plugin/weave/defaults/main.yml deleted file mode 100644 index e648133bc..000000000 --- a/roles/network_plugin/weave/defaults/main.yml +++ /dev/null @@ -1,11 +0,0 @@ ---- - -# Flannel public IP -# The address that flannel should advertise as how to access the system -flannel_public_ip: "{{ access_ip|default(ip|default(ansible_default_ipv4.address)) }}" - -## interface that should be used for flannel operations -## This is actually an inventory node-level item -# flannel_interface: - -# cloud_provider: no \ No newline at end of file diff --git a/roles/network_plugin/weave/templates/docker b/roles/network_plugin/weave/templates/docker index eefd150e1..970ea051d 100644 --- a/roles/network_plugin/weave/templates/docker +++ b/roles/network_plugin/weave/templates/docker @@ -1,6 +1,2 @@ # Deployed by Ansible -{% if init_system == "sysvinit" and kube_network_plugin == "flannel" and ansible_os_family == "Debian" %} -DOCKER_OPTS="--bip={{ flannel_subnet }} --mtu={{ flannel_mtu }}" -{% elif kube_network_plugin == "flannel" %} -OPTIONS="--bip={{ flannel_subnet }} --mtu={{ flannel_mtu }}" -{% endif %} +DOCKER_OPTS="" 
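Review bot: `weave_download_url` now points at the `{{weave_version}}` release, but `weave_checksum` (outside this hunk) keeps the value that patch 1/2 recorded for `http://git.io/weave`, i.e. for whatever that short link served at the time. Please confirm that `152942c330f87ab475d87d9311b91674b90f25ea685bd4e04e0495d5fe09a957` is the SHA-256 of the v1.4.4 script, otherwise the download either fails verification or is pinned to the wrong artifact. A comment next to the checksum such as `# sha256 of weave v1.4.4, update together with weave_version` would keep the two in step on later bumps.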
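Review bot: After this change the weave role's docker template defines only `DOCKER_OPTS=""`, but the systemd-docker.service unit added in patch 1/2 builds its command line from `$OPTIONS`, `$DOCKER_STORAGE_OPTIONS`, `$DOCKER_NETWORK_OPTIONS` and `$INSECURE_REGISTRY`, none of which this file sets. On systemd hosts anything an operator later adds to `DOCKER_OPTS` in `/etc/default/docker` is silently ignored by the daemon. Either expand `$DOCKER_OPTS` in the unit's `ExecStart` or emit `OPTIONS=""` here for systemd hosts, and add a comment saying which variable each init system reads.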
diff --git a/roles/network_plugin/weave/templates/weave b/roles/network_plugin/weave/templates/weave deleted file mode 100644 index 2390bc472..000000000 --- a/roles/network_plugin/weave/templates/weave +++ /dev/null @@ -1,4 +0,0 @@ -PEERS="{% for host in groups['k8s-cluster'] %}{{ hostvars[host]['ip'] | default( hostvars[host]['ansible_default_ipv4']['address']) }}{% if not loop.last %} {% endif %}{% endfor %}" -{% if weave_password is defined %} -WEAVE_PASSWORD="{{ weave_password }}" -{% endif %} diff --git a/roles/network_plugin/weave/templates/weave.j2 b/roles/network_plugin/weave/templates/weave.j2 index 87c4b91b7..865eb96a7 100644 --- a/roles/network_plugin/weave/templates/weave.j2 +++ b/roles/network_plugin/weave/templates/weave.j2 @@ -1,4 +1,4 @@ -WEAVE_PEERS="{% for host in groups['k8s-cluster'] %}{{ hostvars[host]['ip'] | default( hostvars[host]['ansible_default_ipv4']['address']) }}{% if not loop.last %} {% endif %}{% endfor %}" +WEAVE_PEERS="{% for host in groups['k8s-cluster'] %}{{ hostvars[host]['access_ip'] | default(hostvars[host]['ip'] | default(hostvars[host]['ansible_default_ipv4']['address'])) }}{% if not loop.last %} {% endif %}{% endfor %}" WEAVEPROXY_ARGS="--rewrite-inspect --without-dns" WEAVE_SUBNET="--ipalloc-range {{ kube_pods_subnet }}" {% if weave_password is defined %}